Pessoal, tenho uma consulta no banco que me retorna corretamente os dados de um usuário, com sua senha criptografada; depois o Spring faz automaticamente a comparação para verificar se a senha digitada, já no formato MD5, é igual à senha vinda da consulta ao banco de dados. Porém, ele não retorna true, deixando a senha vinda do banco modificada.
Veja o código de exemplo, a senha do usuário digitada e a senha do banco de dados.
Senha do usuário - pass1: 21232F297A57A5A743894A0E4A801FC3
Senha convertida pelo spring - pass2: d41d8cd98f00b204e9800998ecf8427e
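/**
 * Checks a presented password against a previously encoded one.
 *
 * <p>The raw password is encoded with {@code encodePassword(rawPass, salt)} and the result is
 * compared, character for character, with {@code encPass}. The comparison is exact and
 * case-sensitive, so a stored value whose hex letters are in a different case than the
 * encoder's output will not match.
 *
 * <p>An empty {@code rawPass} is not rejected here; it is encoded and compared like any other
 * value, so when diagnosing a mismatch first confirm that the submitted password actually
 * reached this method.
 *
 * @param encPass previously encoded password; {@code null} is treated as the text "null"
 * @param rawPass plain text password as presented by the caller
 * @param salt salt to mix into the password before encoding
 * @return {@code true} only when the encoded {@code rawPass} equals {@code encPass}
 */
public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
    // String concatenation keeps the original null handling: a null encPass becomes "null".
    String expected = "" + encPass;
    String actual = encodePassword(rawPass, salt);

    // String.equals(null) was false in the original form; keep that result explicitly.
    if (actual == null) {
        return false;
    }

    // Compare without stopping at the first differing character, so the time taken does not
    // reveal how much of the stored value a guess matched.
    int expectedLength = expected.length();
    int actualLength = actual.length();
    int difference = expectedLength ^ actualLength;
    for (int i = 0; i < actualLength; i++) {
        // The modulo keeps the index in range when the lengths differ; the length mismatch is
        // already recorded in 'difference', so the result is still false in that case.
        char expectedChar = expectedLength == 0 ? 0 : expected.charAt(i % expectedLength);
        difference |= expectedChar ^ actual.charAt(i);
    }
    return difference == 0;
}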
}
E, por último, a mensagem exibida pelo Spring:
2011-02-21 23:54:38,934 WARN org.springframework.security.event.authentication.LoggerListener - Authentication event AuthenticationFailureBadCredentialsEvent: ; details: org.springframework.security.ui.WebAuthenticationDetails@2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: F7D72596DD3F6AC2D9C31967D890B62C; exception: Bad credentials
Pessoal, eu descobri que este valor: d41d8cd98f00b204e9800998ecf8427e aparece quando a senha do banco está chegando vazia para ser comparada, ou seja, o Spring, através da variável “rawPass”, está pegando um valor que é vazio e convertendo-o para este código MD5. Como posso corrigir esta falha?
Segue meu application-Context.xml :
[code] <?xml version="1.0" encoding="UTF-8"?>
<bean id="httpSessionContextIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
<!-- One filter chain is declared for every URL (/**); the filters run in the order listed. -->
<bean id="filterChainProxy"
class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
</value>
</property>
</bean>
<!-- Example formAuthenticationProcessingFilter -->
<!-- NOTE(review): this bean's class is in the org.acegisecurity package, while every other bean
     in this file uses org.springframework.security. Confirm that the filter and the
     authenticationManager it references come from the same library, and that the login form
     posts to the URL and field names this filter class reads. -->
<bean id="formAuthenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" >
<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
<property name="authenticationFailureUrl" value="${acegi.login.invalido}"/>
<property name="defaultTargetUrl" value="${acegi.url.default}"/>
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="anonymousProcessingFilter"
class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="anonymous" />
<property name="userAttribute" value="anonymous,ROLE_ANONYMOUS" />
</bean>
<!-- Wires the entry point used for authentication and the error page used for denied access. -->
<bean id="exceptionTranslationFilter"
class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint"
ref="formLoginAuthenticationEntryPoint" />
<property name="accessDeniedHandler">
<bean
class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage"
value="${spring.security.acesso.negado}" />
</bean>
</property>
</bean>
<!-- NOTE(review): this LDAP provider is declared, but the authenticationManager bean in this file
     lists only daoAuthenticationProvider; confirm whether LDAP authentication is meant to be
     active. The group-search-base value is wrapped in parentheses, unlike user-search-base,
     which looks like filter syntax rather than a base DN; verify. Password comparison here is
     configured with an md5 hash. -->
<security:ldap-authentication-provider
server-ref="ok_ldap"
group-search-filter="cn={0}"
group-search-base="(ou=Auth, dc=mydomain, dc=no)"
user-search-filter="(employeeNumber={0})"
user-search-base="ou=People, dc=mydomain, dc=no"
>
<security:password-compare hash="md5">
<security:password-encoder hash="md5"/>
</security:password-compare>
</security:ldap-authentication-provider>
<!-- MD5 is a fast, general-purpose digest and is not suitable for storing passwords. Plan a
     migration to a salted, deliberately slow password hash where the framework version in use
     provides one. -->
<bean id="passwordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
<bean id="authenticationManager"
class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<!-- No salt source is configured on this provider, so the stored hashes are presumably unsalted
     (confirm against the user table). The stored value must match the encoder's output exactly,
     including the letter case of the hex digits. -->
<bean id="daoAuthenticationProvider"
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
<property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<!-- Project-specific user lookup; it delegates to the userDetailsServiceAdapter bean below. -->
<bean id="userDetailsService"
class="com.estrutura.seguranca.UserDetailsServiceImpl">
<property name="userDetailsServiceAdapter" ref="userDetailsServiceAdapter" />
</bean>
<bean id="userDetailsServiceAdapter" name="userDetailsServiceAdapter" class="virtua.negocio.service.comum.UsuarioServiceImpl" />
<bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<!-- The role prefix is empty, so role names are matched without the usual prefix. Confirm that
     no non-role configuration attribute ends up being treated as a role. -->
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value="" />
</bean>
<bean id="formLoginAuthenticationEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="${spring.security.login}" />
<!-- forceHttps is off: this entry point does not redirect the login form to HTTPS, so
     credentials are protected in transit only if HTTPS is enforced somewhere else. -->
<property name="forceHttps" value="false" />
</bean>
[/code]